A Culture Shift: IT Security to Smart Grid Security
With the global excitement and opportunity of the Smart Grid, a lot of historically IT-focused companies, including Cisco, are entering the market. It’s important to note that the grid has unique characteristics that must be taken into account when applying IT security solutions to it. In this post I’ll focus on the primary goal of power generation and delivery: reliability. In subsequent posts I’ll discuss other security requirements of the grid (such as integrity, authentication, and confidentiality), and how we can apply lessons learned from the IT sector.
To better understand the culture shift from securing IT systems, we need to clarify the focus of grid security. In the IT world, we often focus on protecting information. For example, in United States Department of Defense circles, security is usually referred to as Information Assurance. Smart Grid security (usually called “cyber security,” or just “cyber,” by electric sector practitioners), however, concerns itself with making sure that systems continue to operate in the case of a security event. An equivalent term for the grid would be “Continuation Assurance.” The smart grid community treats anything with the potential to affect system reliability as a cyber security issue, whether it is a disgruntled insider, operator error, or a deliberate attack from the outside, and whichever portion of the grid it affects: substations, data centers, operations centers, neighborhood area networks, and eventually homes. The effectiveness of cyber security measures will be judged mainly on their contribution to keeping the systems running!
Why is reliability key to the grid?
We often think of financial consequences when IT systems fail: customers cannot place transactions, users are not able to access systems to do their jobs, and communication along the supply chain is impacted. In addition to these consequences, the grid contains systems that are much more sensitive to failure, such as nuclear power plants, hydroelectric dams, coal-fired generation plants, gas generators, and high-voltage transmission lines. Physical consequences have been demonstrated as the result of cyber security compromises, such as in the Department of Homeland Security video known as the “Aurora Generator Test.”
Many utilities are regulated by the North American Electric Reliability Corporation (NERC), designated by the Federal Energy Regulatory Commission to enforce reliability standards on the “Bulk Electric System.” The “Bulk Electric System” includes most generation and transmission utilities that operate systems at 100 kilovolts or higher. NERC has the authority to levy fines on utilities that do not meet reliability standards. Note that the regulation focuses on reliability standards over security standards. Cyber security has its place, of course, as a subset of the NERC reliability standards known as the Critical Infrastructure Protection, or CIP, standards.
IT security technologies such as firewalls, protection from denial of service, and intrusion detection & prevention can help mitigate many deliberate attacks and help to prevent accidental violations from propagating through the network. Redundant systems and multiple paths, while not strictly security technologies, can also increase the resilience of the network. A combination of product and architectural approaches will ultimately be needed to properly build a reliable grid network.
The bottom line is that cyber security architectures must be designed to ensure that breaches do not impact system operation. This will often mean that systems fail open to certain types of security events, and audit logs and other forensic information will be used to correct and prevent future events. Remediation processes will need to be developed that accommodate changes to running, production systems. Designing resilient smart grid systems that scale to the size of the grid and that remain within cost constraints is a significant challenge, but should be a key goal of product manufacturers and systems engineers.